Slashdot Mirror


User: Cederic

Cederic's activity in the archive.

Stories: 0
Comments: 11,787

Comments · 11,787

  1. I haven't seen anything stating that the individuals involved knew of the breach ahead of selling their shares.

    The timeline is that Equifax discovered the breach a couple of days before the sales, and these are people sufficiently senior that they very likely did know, but that's supposition rather than evidence.

    I think they're fucked anyway. Either they knew and broke insider trading regulations or they didn't know and are incompetent at their jobs.

  2. Seems to me, Equifax is! as are all the credit collection businesses. Professional Extortion artists!

    What the fuck is 'credit collection'?

    They collect data on everyone. Then sell access to that information to the financial industry (Credit Checks). And if you want to protect yourself you are supposed to pay them to protect (Lock) your credit history.

    It's a difficult situation. If you follow the great American dream and apply for a credit card, you expect to be extended a multi-thousand dollar credit facility. You'll also go to the company that can offer this to you in a couple of minutes and not the one that takes several days, requires personally probing interviews, demands access to all of your existing bank accounts, mortgage and other credit facilities, and then turns you down anyway for being too high a risk.

    So Equifax provide a service that's actually led by consumer demand. You want them to withdraw that service, but it costs them money to do so, and you're not the customer of that service.

    Here's the really fun thing though: If you don't apply for credit, then their service does not get used, and so they don't provide it. Don't apply for credit (or agree to a credit check), no service.

    What you want is for them to deny the service in situations where you don't apply for credit. That doesn't make sense, in that their service is geared towards helping you access an affordable level of credit. So if you're not applying for credit, you don't need their service and they won't offer it. But you want them to withdraw it anyway.

    Clearly you're worried that someone else will apply for credit using your identity. At this point person A applies for credit with company B and Equifax offer a service to help assess this. You're not even involved! The only time you're relevant is if company B believe that person A is you, and pursues you for any debts or obligations they incur, or informs Equifax that you're a poor credit risk and that subsequently impacts on your ability to access credit.

    So you can be a victim, but it's company B that's at fault here for failing to correctly identify person A (and obviously person A for being a lying fraud). You can react to this situation, demanding that Equifax remove any incorrect or fraudulent entries attached to your name in their systems, sue company B and otherwise get on with your life.

    Equifax offer an additional option, which is a service for you as an individual. They'll allow you to prevent person A from masquerading as you in the first place, by informing company B not to allow person A to open an account in your name. That's the service for which they're charging you, and yet you seem to think you should receive it for free?

  3. Re:Lick the boot too hard and you'll scuff the shi on Equifax Blames Open-Source Software For Its Record-Breaking Security Breach (zdnet.com) · Score: 1

    Really? How? What punishments does Equifax dole out?

    Clearly their US business differs from the one in the UK.

  4. Re:A poor carpenter... on Equifax Blames Open-Source Software For Its Record-Breaking Security Breach (zdnet.com) · Score: 2

    If we find that there was someone who tried to raise flags about security, where management declined because it was too expensive, then there should be repercussions.

    Be realistic. It's always possible to add an additional security measure, and there are rapidly diminishing returns.

    Security is a risk based domain, and sometimes it's appropriate to take the risk.

  5. Re:A poor carpenter... on Equifax Blames Open-Source Software For Its Record-Breaking Security Breach (zdnet.com) · Score: 4, Insightful

    Overall I agree with everything you've said, but one thing to add.

    it's hard to recruit good security professionals precisely because those who truly understand security often don't want to touch it precisely because they know there's always a chance someone determined could breach security

    You will suffer data loss. Assume that, plan for it, understand how to detect and mitigate it.

    Given the impossibility of perfect security it would be naive to do anything else, no matter how great (and well resourced) your data security is.

  6. Re:What's it say about J. Edgar Hoover? on AI Can Detect Sexual Orientation Based On Person's Photo (cnbc.com) · Score: 1

    It's parochial when you're not aware of common phrases in use.

    It's not a common phrase anywhere I've lived, and I've lived in three different countries.

    You're not really aware of the world outside your bubble, are you?

    Astonishingly aware, but that doesn't mean that I know every local fucking insult everywhere in the world.

    You however appear to think that everybody should know all of the mores for the tiny part of the world you inhabit. Now that's fucking parochial.

  7. Re:Isn't 143M basically all adults in America? on Government Officials Begin Investigating Equifax Breach (thehill.com) · Score: 1

    I think it's pretty clear that the US needs to move away from the social security number being both a confidential number and a unique key that is shared to verify your identity. Those two uses are mutually exclusive.

    I keep reading this so apologies that it's your comment that I've decided to challenge.

    It's totally fucking irrelevant. What got leaked is PII, and if SSN wasn't widely used then other elements of PII would be, and the leak would've still compromised those.

    So you're fucked from this breach whether you use SSN or not.

  8. Tesla barely makes money on the 60 kWh software limited version... and they don't make profit overall yet anyways

    This has absolutely fuck all to do with anything. Tesla could've reduced their costs by putting a 60kWh battery into the car sold with 60kWh capacity but instead decided to put in a larger heavier battery and artificially compromise performance.

    Their choice, and if someone hacks their 60kWh to access 75kWh of battery capacity, all the more power to them.

  9. Under which law? Doesn't the US have a law specifically against this? Technically two, I think you're suggesting breaking the 4th and 8th amendments.

  10. Re:From the No Shit Sherlock Institution on Equifax Breach Provokes Calls For Serious Data Protection Reforms (wired.com) · Score: 1

    What criminal law do you think the "Equifax Security Cxx" broke?

    Well, potentially the UK DPA for a start.

    But why do you think people are calling for serious data protection reforms? Right now US data protection is largely absent, health data is about the only consumer data with legal constraints.

    Equifax may get sued senseless here but unless there are clear corporate governance failures it's unlikely there'll be criminal charges in relation to the breach.

    (Rather more likely in relation to the post-breach sale of shares though)

  11. Re:as they say, "let the free market decide" on Equifax Breach Provokes Calls For Serious Data Protection Reforms (wired.com) · Score: 1

    Wait? A company offering ID&V products isn't responsible for market acceptance of adequate ID&V?

    It's possible to say, "That's insufficient information to identify the individual" and refuse to ID&V an individual; of course, that would reduce revenue so fuck consumers?

  12. Re:security software is a JOKE on Best Buy Stops Selling Kaspersky Security Software (startribune.com) · Score: 1

    Holy shit, are you following me around Slashdot and posting utter fucking idiocy in response to everything I comment on?

    Russia hasn't invaded shit, you braindead tool. Years of pictures posted to social media from your literal neo-Nazi pals in Ukraine, but not a single photo from a U.S. satellite or drone showing Russian troops in Ukraine or invading Crimea.

    Ok, how about an entirely fucking biased source: https://www.rt.com/news/crimea...

    the latter of which had an existing agreement for a Russian naval base - does the U.S. Army "invade" Germany whenever troops are sent to one of the existing bases there?

    Remind me, when did the US take over communications and Government buildings in Germany and annex the country? Nobody was complaining about Russia having a military presence in the country, when it was there by invitation and treaty. It's the subsequent illegal invasion that's the problem.

    voted overwhelmingly to join Russia

    What, in the illegal referendum in which men with guns bullied people into not campaigning against joining Russia and reportedly intimidated people into not voting unless they were going to vote to join Russia?

    Shit, that referendum has less credibility than an Irish referendum on the EU.

    in no small part due to your literal neo-Nazi pals in Ukraine and their xenophobia.

    I don't think I know anybody in Ukraine, and none of my friends are neo-Nazis.

    But even if all your bullshit on Russia and Ukraine was completely true, it would still be more justified than any American "intervention" you can name, given the fact that the U.S. overthrew the elected government of Ukraine.

    Wait? Whether the US overthrew the elected government of Ukraine or not, that in no way whatsoever justifies the illegal invasion and annexation of part of the country.

    International law offers various remedies, but none of them include stealing a big chunk of someone else's country. You're fucking deluded. I can only assume you're sat in an office in St Petersburg getting paid to vomit up this biased bollocks.

    Next you'll be telling me that Russian anti-air units didn't shoot down a civilian airliner over Ukraine.

    Go back to gargling Cheney's balls, shitbag.

    Charming. You're projecting again.

  13. the "Muslims believe in xyz because their book says so" canard

    I suggested that a specific statement regarding the Koran would be a non-racist attack on Islam. I didn't say that Muslims agree, or believe in it; you're misinterpreting.

    But no one would be stupid enough to apply the same reasoning to Christians, and argue that they all believe in mother-son fucking "because their book says so"

    I think that's false. Someone in this conversation has already inferred that 'book says X so people for whom that book is a religious guide believe X', thus demonstrating very adequately that people are stupid enough to argue that. You just fucking did argue that.

    I still don't see any reference to race, thus proving my point yet further.

  14. Re:No, not subject to US law on Should British Hacker Lauri Love Be Tried In America? (theguardian.com) · Score: 1

    This isn't about standing and suing, this is a criminal charge. Sue a British person all you fucking like in the US, but if you want to charge them with a crime then they'd better have been in the US when they committed it.

    The US don't need "standing" for the CPS to pursue a prosecution; if the law was broken, there's sufficient evidence that a trial can be reasonably believed will reach a guilty verdict and it's in the public interest then the CPS will prosecute, irrespective of who the fucking victim is.

  15. Re:No, not subject to US law on Should British Hacker Lauri Love Be Tried In America? (theguardian.com) · Score: 1

    Thing is, he was in the UK. So fuck the US victims if they don't want to inform the UK of activity illegal in the UK and request that the UK prosecute the breach of UK laws.

    Stop trying to impose extraterritorial injustices.

  16. So try the person in the country they're in when they broke the law.

  17. Re: Jurisdiction on Should British Hacker Lauri Love Be Tried In America? (theguardian.com) · Score: 1

    Thing is, he wasn't in the US, so UK laws take precedence.

    If he hacked a US server without breaking UK law then he didn't break the law and it's unconscionable that he should be extradited.
    If he hacked a US server and broke UK law then he should be prosecuted in the UK for breaking the UK law.

    Otherwise you're basically stating that we should all be shipped over to Syria and tortured for failing to support ISIS.

  18. No, but when you put some of your items in your front window, stick a banner above your door and a sign on it saying, "Open" then you shouldn't be fucking surprised when people pop in and do some browsing.

  19. our continent-sized nation

    You shitting me? You're not even the largest country on the continent.

  20. Re:What's it say about J. Edgar Hoover? on AI Can Detect Sexual Orientation Based On Person's Photo (cnbc.com) · Score: 1

    This may surprise you but a lot of original dialogue is written for films.

    Plus of course, whether it existed or not, I hadn't fucking heard it and neither had the person to whom I replied.

    That's not being parochial. Do learn how to use these words before splurting them out like an 8 year old with a dictionary.

  21. I give you an example of a non-racist attack on religion and you respond with... an example of a non-racist attack on religion.

    Thank you for proving my fucking point.

    Complete. Idiocy.

    Ironic.

  22. Re:What's it say about J. Edgar Hoover? on AI Can Detect Sexual Orientation Based On Person's Photo (cnbc.com) · Score: 1

    I encountered it in a film...
    http://www.imdb.com/title/tt00...

  23. Re:security software is a JOKE on Best Buy Stops Selling Kaspersky Security Software (startribune.com) · Score: 1

    No, just Russia that invaded and annexed half of another country, breaking the promises it made when that nation voluntarily gave up its nuclear weapons.

    I wouldn't fucking trust Russia to do anything that doesn't directly benefit Putin and his paymasters.

  24. Re:It's time for regulation. Sorry to say it. on Equifax Breach is Very Possibly the Worst Leak of Personal Info Ever (arstechnica.com) · Score: 1

    Which is clearly bollocks.

    Being PCI compliant immediately means you're a fuck of a lot more secure than someone that hasn't bothered to secure their systems - which would be many companies that see this as an unnecessary expense, but adopt PCI measures so that they can continue to receive payments via payment cards.

    Being PCI-compliant also doesn't protect you from the lawsuits. For example, using the actual subject of your reference: https://targetbreachsettlement...

  25. Just for clarity, handegg is football - the Rugby variant.

    as an ice hockey man

    Is that even a sport?

    cricket, which has absolutely nothing to do with grasshoppers but seems to be an excuse to gather in a field to drink tea.

    Coincidence, but I'm typing this during the Tea break in today's Test match at Lord's :)